#!/usr/bin/env bash
# SPDX-License-Identifier: BSD-3-Clause

set -eo pipefail

export COV_PROJECT="01org/tpm2.0-tools"
echo "COV_PROJECT=$COV_PROJECT"

if [ -z "$COVERITY_SCAN_TOKEN" ]; then
  echo "coverity.run invoked without COVERITY_SCAN_TOKEN set...exiting!"
  exit 1
fi

if [ -z "$COVERITY_SUBMISSION_EMAIL" ]; then
  echo "coverity.run invoked without COVERITY_SUBMISSION_EMAIL set...exiting!"
  exit 1
fi

# Sanity check, this should only be executing on the coverity_scan branch
if [[ "$REPO_BRANCH" != *coverity_scan ]]; then
  echo "coverity.run invoked for non-coverity branch $REPO_BRANCH...exiting!"
  exit 1
fi

if [[ "$CC" == clang* ]]; then
  echo "Coverity scan branch detected, not running with clang...exiting!"
  exit 1
fi

# branch is coverity_scan
echo "Running coverity build"

# ensure coverity_scan tool is available to the container
# We cannot package these in the docker image, as we would be distributing their software
# for folks not coupled to our COVERITY_SCAN_TOKEN.
if [ ! -f "$(pwd)/cov-analysis/bin/cov-build" ]; then
  curl --data-urlencode "project=$COV_PROJECT" \
       --data-urlencode "token=$COVERITY_SCAN_TOKEN" \
       "https://scan.coverity.com/download/linux64" -o coverity_tool.tgz

  stat coverity_tool.tgz

  curl --data-urlencode "project=$COV_PROJECT" \
       --data-urlencode "token=$COVERITY_SCAN_TOKEN" \
       --data-urlencode "md5=1" \
       "https://scan.coverity.com/download/linux64" -o coverity_tool.md5

  stat coverity_tool.md5
  cat coverity_tool.md5
  md5sum coverity_tool.tgz
  echo "$(cat coverity_tool.md5)" coverity_tool.tgz | md5sum -c

  echo "unpacking cov-analysis"
  tar -xf coverity_tool.tgz
  mv cov-analysis-* cov-analysis
fi

export PATH=$PATH:$(pwd)/cov-analysis/bin

echo "Which cov-build: $(which cov-build)"

pushd "$DOCKER_BUILD_DIR"

git config --global --add safe.directory "$DOCKER_BUILD_DIR"
source ".ci/docker-prelude.sh"

echo "Performing build with Coverity Scan"
rm -rf cov-int
./bootstrap && ./configure --enable-debug && make clean
cov-build --dir $DOCKER_BUILD_DIR/cov-int make -j $(nproc)

echo "Collecting Coverity data for submission"
rm -fr README
AUTHOR="$(git log -1 $HEAD --pretty="%aN")"
AUTHOR_EMAIL="$(git log -1 $HEAD --pretty="%aE")"
VERSION="$(git rev-parse HEAD)"
echo "Name: $AUTHOR" >> README
echo "Email: $AUTHOR_EMAIL" >> README
echo "Project: tpm2-tools" >> README
echo "Build-Version: $VERSION" >> README
echo "Description: $REPO_NAME $REPO_BRANCH" >> README
echo "Submitted-by: tpm2-tools CI" >> README
echo "---README---"
cat README
echo "---EOF---"

rm -f tpm2-tools-scan.tgz
tar -czf tpm2-tools-scan.tgz README cov-int

rm -rf README cov-int

# upload the results
echo "Testing for scan results..."
scan_file=$(stat --printf='%n' tpm2-*-scan.tgz)

echo "Submitting data to Coverity"
curl --form token="$COVERITY_SCAN_TOKEN" \
  --form email="$COVERITY_SUBMISSION_EMAIL" \
  --form project="$COV_PROJECT" \
  --form file=@"$scan_file" \
  --form version="$VERSION" \
  --form description="$REPO_NAME $REPO_BRANCH" \
  "https://scan.coverity.com/builds?project=01org%2Ftpm2.0-tools"

rm -rf tpm2-*-scan.tgz

popd

exit 0
